Squid SSM Proxy (Docker)

A minimal Squid proxy that only allows HTTPS CONNECT to AWS SSM endpoints in us-east-1 from a specific CIDR.

How it works

Dockerfile uses a two-stage build. It renders squid.conf from squid.conf.template via envsubst, filling FROM_VPC_CIDR.
Final image is based on ubuntu/squid:latest; Squid runs with -NYC -f /etc/squid/squid.conf.

Allowlist

.ssm.us-east-1.amazonaws.com
.ssmmessages.us-east-1.amazonaws.com
.ec2messages.us-east-1.amazonaws.com

Build

On EC2 (reads CIDR from IMDSv2):

scripts/build.sh

Generic host (infers /24 from first global IPv4):

scripts/build_alt.sh

Manual CIDR:

docker build --build-arg FROM_VPC_CIDR=10.0.0.0/16 -t my-squid:ssm .

Run

scripts/run.sh
# tail logs
scripts/logs.sh

Exposes 3128. Logs to syslog via /dev/log.

Notes

Change the region in squid.conf.template if you’re not in us-east-1.
Consider pinning the base image tag or digest for reproducibility.

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
scripts		scripts
.dockerignore		.dockerignore
.gitignore		.gitignore
Dockerfile		Dockerfile
README.md		README.md
squid.conf.template		squid.conf.template

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Squid SSM Proxy (Docker)

How it works

Allowlist

Build

Run

Notes

About

Uh oh!

Releases

Packages

Languages

NebulaRover77/squid-proxy-docker

Folders and files

Latest commit

History

Repository files navigation

Squid SSM Proxy (Docker)

How it works

Allowlist

Build

Run

Notes

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages